KROLL - RANSOMWARE REPORT
INITIAL ACCESS BROKERS: FUELING THE RANSOMWARE THREAT

The article below was extracted from The Monitor newsletter, a monthly digest of Kroll’s global cyber risk case intake.

By Nicole Sette, Keith Wojcieszek, Keith L. Novak & Laurie Lacono
Kroll has observed an uptick in actors offering network access on the dark web, particularly in the wake of recent disruptions to the ransomware-as-a-service (RAAS) ecosphere, such as the ban on ransomware discussions in notorious underground criminal forums.

UNDERSTANDING THE INITIAL ACCESS BROKER PROCESS

Threat actors who offer network access, known as initial access brokers, operate at the beginning of the intrusion lifecycle by conducting reconnaissance to identify networks with vulnerable applications or devices, including Virtual Private Network (VPN) appliances, servers with exposed software vulnerabilities or open Remote Desktop Protocol (RDP).

During the last year, multiple VPN providers have announced critical vulnerabilities, many of which could be exploited by attackers to access sensitive data such as login credentials. Open RDP instances are often exploited by actors testing credentials via brute-force attacks such as password spraying, or by actors testing credentials related to the target network which are publicly exposed in credential dumps on the dark web.

Once access is achieved, access brokers advertise their network access on dark web forums, seeking to sell the validated credentials to ransomware operators, affiliates or other criminals who leverage the initial access to conduct a number of different cyber attacks such as data theft or encryption.

In particular, ransomware operators are known to purchase such listings and provide them to their affiliate distributors, who then engage in the intrusion lifecycle to execute code on the target network for lateral movement, conduct privilege escalation and ultimately, mission execution in the form of data theft, data destruction or ransomware deployment.

This segmented approach of RAAS operators creates more layers of intermediaries between the operators and the actors on the
See Ransomware Threat, Page 42
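The credential-guessing activity the article describes against exposed RDP (password spraying across many accounts, repeated guesses against one account, and the successful logon that turns a guess into a "validated" credential for resale) leaves a recognisable shape in logon telemetry. The following detection is an added example and is not Kroll's code or part of the original article; the event format, the thresholds and the sample records are constructed assumptions, modelled loosely on Windows logon auditing reduced to four fields.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple


class LogonEvent(NamedTuple):
    ts: datetime
    src_ip: str
    account: str
    success: bool


# Constructed sample telemetry (not from Kroll or any real network): one line
# per RDP logon attempt, reduced to the fields the check needs. The shape
# mirrors Windows logon auditing (success / failure events) but is an assumption.
SAMPLE_EVENTS = """\
# timestamp,source_ip,account,outcome
2021-10-04T02:00:01Z,198.51.100.23,alice,FAIL
2021-10-04T02:00:03Z,198.51.100.23,bob,FAIL
2021-10-04T02:00:05Z,198.51.100.23,carol,FAIL
2021-10-04T02:00:07Z,198.51.100.23,dave,FAIL
2021-10-04T02:00:09Z,198.51.100.23,erin,FAIL
2021-10-04T02:00:11Z,198.51.100.23,frank,FAIL
2021-10-04T02:00:13Z,198.51.100.23,grace,FAIL
2021-10-04T02:00:15Z,198.51.100.23,heidi,FAIL
2021-10-04T02:00:17Z,198.51.100.23,ivan,FAIL
2021-10-04T02:00:19Z,198.51.100.23,judy,FAIL
2021-10-04T02:00:21Z,198.51.100.23,carol,SUCCESS
2021-10-04T02:30:00Z,203.0.113.9,admin,FAIL
2021-10-04T02:30:02Z,203.0.113.9,admin,FAIL
2021-10-04T02:30:04Z,203.0.113.9,admin,FAIL
2021-10-04T02:30:06Z,203.0.113.9,admin,FAIL
2021-10-04T02:30:08Z,203.0.113.9,admin,FAIL
2021-10-04T02:30:10Z,203.0.113.9,admin,FAIL
2021-10-04T09:12:44Z,192.0.2.77,alice,FAIL
2021-10-04T09:12:50Z,192.0.2.77,alice,SUCCESS
"""


def parse_events(text: str) -> List[LogonEvent]:
    """Parse the CSV-style records into events sorted by time."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src_ip, account, outcome = line.split(",")
        events.append(LogonEvent(
            datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            src_ip, account, outcome.upper() == "SUCCESS"))
    return sorted(events, key=lambda e: e.ts)


def find_suspicious_sources(
    events: List[LogonEvent],
    window: timedelta = timedelta(minutes=10),   # assumed tuning values
    spray_min_accounts: int = 8,
    brute_min_attempts: int = 6,
) -> Dict[str, dict]:
    """Flag source IPs whose failed logons look like credential guessing.

    "spray": many distinct accounts failing from one source inside the window
    (one or two guesses each, the password-spraying pattern).
    "brute_force": one account failing repeatedly from one source.
    "validated" lists accounts that later logged on successfully from the same
    source, i.e. the working credentials an access broker would advertise.
    """
    by_ip: Dict[str, List[LogonEvent]] = defaultdict(list)
    for e in events:
        by_ip[e.src_ip].append(e)

    findings: Dict[str, dict] = {}
    for src_ip, evs in by_ip.items():
        failures = [e for e in evs if not e.success]
        start = 0
        hit = None
        # Sliding window over this source's time-ordered failures.
        for end in range(len(failures)):
            while failures[end].ts - failures[start].ts > window:
                start += 1
            per_account: Dict[str, int] = defaultdict(int)
            for f in failures[start:end + 1]:
                per_account[f.account] += 1
            if len(per_account) >= spray_min_accounts:
                pattern = "spray"
            elif max(per_account.values()) >= brute_min_attempts:
                pattern = "brute_force"
            else:
                continue
            # Keep the widest qualifying window so the account list is complete.
            if hit is None or len(per_account) >= len(hit["accounts"]):
                hit = {"pattern": pattern,
                       "accounts": sorted(per_account),
                       "first_seen": failures[start].ts}
        if hit is None:
            continue
        hit["validated"] = sorted({
            e.account for e in evs
            if e.success and e.ts > hit["first_seen"] and e.account in hit["accounts"]
        })
        findings[src_ip] = hit
    return findings


if __name__ == "__main__":
    for ip, f in find_suspicious_sources(parse_events(SAMPLE_EVENTS)).items():
        print(f"{ip}: {f['pattern']} across {len(f['accounts'])} account(s); "
              f"validated credentials: {f['validated'] or 'none'}")
```

On the sample, 198.51.100.23 is reported as a spray with one validated credential (carol), 203.0.113.9 as single-account brute force with none, and 192.0.2.77 (one typo followed by a success) is not reported. A "spray" finding with a non-empty validated list is the one to treat as a likely compromised credential and reset first, because that is exactly the artefact the brokers in the article sell on.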
OCTOBER 2021